You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-endpoint/threat-analytics.md
+4-3Lines changed: 4 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -57,11 +57,11 @@ Each report provides an analysis of a tracked threat and extensive guidance on h
57
57
58
58
## Required roles and permissions
59
59
60
-
The following table outlines the roles and permissions required to access threat analytics. Roles defined in the following table refer to custom roles in individual portals and aren't connected to global roles in Microsoft Entra ID, even if similarly named.
60
+
The following table outlines the roles and permissions required to access threat analytics. Roles defined in the table refer to custom roles in individual portals and aren't connected to global roles in Microsoft Entra ID, even if similarly named.
61
61
62
-
|**One of the following roles are required for Microsoft Defender XDR**|**One of the following roles are required for Microsoft Defender for Endpoint**|**One of the following roles are required for Microsoft Defender for Office 365**|**One of the following roles are required for Microsoft Defender for Cloud Apps**|**One of the following roles are required for Microsoft Defender for Cloud**|
62
+
|**One of the following roles are required for Microsoft Defender XDR**|**One of the following roles are required for Microsoft Defender for Endpoint**|**One of the following roles are required for Microsoft Defender for Office 365**|**One of the following roles are required for Microsoft Defender for Cloud Apps and Microsoft Defender for Identity**|**One of the following roles is required for Microsoft Defender for Cloud**|
> Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
@@ -210,6 +210,7 @@ When looking at the threat analytics data, remember the following factors:
210
210
211
211
- The checklist in the **Recommended actions** tab only displays recommendations tracked in [Microsoft Secure Score](/defender-xdr/microsoft-secure-score). Check the **Analyst report** tab for more recommended actions that aren't tracked in Secure Score.
212
212
- The recommended actions don’t guarantee complete resilience and only reflect the best possible actions needed to improve it.
213
+
- Antivirus-related statistics are based on Microsoft Defender Antivirus settings.
Copy file name to clipboardExpand all lines: defender-xdr/custom-roles.md
+11-11Lines changed: 11 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -42,7 +42,7 @@ If you need greater flexibility and control over access to specific product data
42
42
43
43
For example, a Custom role created through Microsoft Defender for Endpoint would allow access to the relevant product data, including Endpoint data within the Microsoft Defender portal. Similarly, a Custom role created through Microsoft Defender for Office 365 would allow access to the relevant product data, including Email & collaboration data within the Microsoft Defender portal.
44
44
45
-
Users with existing Custom roles may access data in the Microsoft Defender portal according to their existing workload permissions with no additional configuration required.
45
+
Users with existing Custom roles can access data in the Microsoft Defender portal according to their existing workload permissions with no additional configuration required.
46
46
47
47
## Create and manage custom roles
48
48
@@ -75,22 +75,22 @@ Permissions and roles can also be managed in the Microsoft Defender portal:
75
75
76
76
## Required roles and permissions
77
77
78
-
The following table outlines the roles and permissions required to access each unified experience in each workload. Roles defined in the table below refer to custom roles in individual portals and are not connected to global roles in Microsoft Entra ID, even if similarly named.
78
+
The following table outlines the roles and permissions required to access each unified experience in each workload. Roles defined in the table refer to custom roles in individual portals and aren't connected to global roles in Microsoft Entra ID, even if similarly named.
79
79
80
80
> [!NOTE]
81
81
> Incident management requires management permissions for all products that are part of the incident.
82
82
83
83
> [!IMPORTANT]
84
84
> Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
85
85
86
-
|Microsoft Defender XDR workload|One of the following roles is required for Defender for Endpoint|One of the following roles is required for Defender for Office 365|One of the following roles is required for Defender for Cloud Apps|
|Threat Analytics|Alerts and incidents data: <ul><li>View data- security operations</li></ul>Defender Vulnerability Management mitigations:<ul><li>View data - Threat and vulnerability management</li></ul>|Alerts and incidents data:<ul> <li>View-only Manage alerts</li> <li>Manage alerts</li> <li>Organization configuration</li><li>Audit logs</li> <li>View-only audit logs</li><li>Security reader</li> <li>Security admin</li><li>View-only recipients</li> </ul> Prevented email attempts: <ul><li>Security reader</li> <li>Security admin</li><li>View-only recipients</li>|Not available for Defender for Cloud Apps or MDI users|
86
+
|Microsoft Defender XDR workload|One of the following roles is required for Defender for Endpoint|One of the following roles is required for Defender for Office 365|One of the following roles is required for Defender for Cloud Apps and Defender for Identity | One of the following roles is required for Microsoft Defender for Cloud |
Copy file name to clipboardExpand all lines: defender-xdr/threat-analytics.md
+4-3Lines changed: 4 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -56,11 +56,11 @@ With more sophisticated adversaries and new threats emerging frequently and prev
56
56
Each report provides an analysis of a tracked threat and extensive guidance on how to defend against that threat. It also incorporates data from your network, indicating whether the threat is active and if you have applicable protections in place.
57
57
58
58
## Required roles and permissions
59
-
The following table outlines the roles and permissions required to access Threat Analytics. Roles defined in the following table refer to custom roles in individual portals and aren't connected to global roles in Microsoft Entra ID, even if similarly named.
59
+
The following table outlines the roles and permissions required to access Threat Analytics. Roles defined in the table refer to custom roles in individual portals and aren't connected to global roles in Microsoft Entra ID, even if similarly named.
60
60
61
-
|**One of the following roles are required for Microsoft Defender XDR**|**One of the following roles are required for Microsoft Defender for Endpoint**|**One of the following roles are required for Microsoft Defender for Office 365**|**One of the following roles are required for Microsoft Defender for Cloud Apps**|**One of the following roles are required for Microsoft Defender for Cloud**|
61
+
|**One of the following roles are required for Microsoft Defender XDR**|**One of the following roles are required for Microsoft Defender for Endpoint**|**One of the following roles are required for Microsoft Defender for Office 365**|**One of the following roles are required for Microsoft Defender for Cloud Apps and Microsoft Defender for Identity**|**One of the following roles is required for Microsoft Defender for Cloud**|
> Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
@@ -208,6 +208,7 @@ When looking at the threat analytics data, remember the following factors:
208
208
209
209
- The checklist in the **Recommended actions** tab only displays recommendations tracked in [Microsoft Secure Score](microsoft-secure-score.md). Check the **Analyst report** tab for more recommended actions that aren't tracked in Secure Score.
210
210
- The recommended actions don’t guarantee complete resilience and only reflect the best possible actions needed to improve it.
211
+
- Antivirus-related statistics are based on Microsoft Defender Antivirus settings.
0 commit comments